Strange DNS DOS attack — Endless Recursive Queries for <blank domain>

These are public-facing servers -- I do clearly understand the need for the two different types. The problem is that I can't seem to configure the servers not to return the root hints for this specific. I'm going to have to do more experiments to see if I can find a solution. Sadly our firewall doesn't seem to be sophisticated enough to filter only this type of request (i.e. a valid DNS request from a random for a blank domain). It is true that 10 requests a second isn't the end of the world, but it's annoying and, until Alnitak's explanation, I didn't understand the point.

Jul25

comment

Strange DNS DOS attack — Endless Recursive Queries for <blank domain>

Thank you, I think this is the explanation I was looking for. I have tried to configure the W2K3 DNS service to return REFUSED, but it seems to always respond with a list of root hints, regardless of what settings I use. Perhaps this is why they choose this particular construction of query?